{
  inputs,
  config,
  pkgs,
  lib,
  ...
}:
{
  imports = [ ../factories/mkscript.nix ];
  config = lib.mkIf config.my.secureHost {
    sops.secrets = {
      cloudflare-api.sopsFile = ../../secrets/env.yaml;
      dns = {
        sopsFile = ../../secrets/env.yaml;
        owner = config.users.users.jawz.name;
        inherit (config.users.users.jawz) group;
      };
    };
    services.cloudflare-dyndns = {
      # inherit (config.my.scripts.update-dns) enable;
      enable = false;
      ipv4 = true;
      ipv6 = false;
      proxied = false;
      domains = [
        config.my.domain
      ];
      apiTokenFile = config.sops.secrets.cloudflare-api.path;
    };
    my.scripts.update-dns = {
      enable = lib.mkDefault false;
      install = true;
      service = true;
      name = "update-dns";
      timer = "*:0/30";
      description = "Updates the IP of all my domains";
      package =
        let
          inherit (inputs.jawz-scripts.packages.x86_64-linux) update-dns;
        in
        pkgs.writeScriptBin "update-dns" ''
          #!/usr/bin/env nix-shell
          #! nix-shell -i bash -p bash curl 
          set -a
          source ${config.sops.secrets.dns.path}
          set -a
          ${update-dns}/bin/update-dns
        '';
    };
  };
}